Operational Risk and the Management of Operational Risks (Operations & Operational Risk Management)

00:00

operational risk and the management of

00:02

operational risks

00:04

welcome to the risk management of

00:05

everything channel on this channel you

00:08

will see videos on risk management and

00:10

the application of risk management to

00:12

diverse areas and sectors if you are new

00:15

here make sure to subscribe to our

00:17

channel and press the notification

00:19

button so you can be notified when we

00:22

upload new videos

00:24

thank you

00:25

this video discusses operational risk

00:27

and the management of operational risks

00:30

in this video you will understand the

00:32

meaning of operational risk types of

00:35

operational risk impacts of operational

00:38

risk operational risk management the

00:40

benefits of operational risk management

00:43

how operational risk management works

00:46

operational risk management principles

00:48

operational risk management process keys

00:51

to reducing a firm's operational risk

00:54

and the seven-step approach to mitigate

00:56

operational risk management

00:58

now let us start

01:01

what is operational risk

01:03

operational risk is the possibility of

01:05

business operations failing due to

01:07

inefficiencies or breakdowns in a firm's

01:10

internal processes people and systems

01:14

human error and external events such as

01:16

regulatory changes are common sources of

01:19

such risk the basel committee on banking

01:22

supervision has described the

01:24

operational risk as the risk of loss

01:26

resulting from inadequate or failed

01:28

internal processes people systems or

01:31

external events as such operational risk

01:35

captures business continuity plans

01:37

environmental risk crisis management

01:40

process systems and operations risk

01:43

people-related risks and health and

01:45

safety and information technology risks

01:48

all these risks need to be managed and

01:51

the more sophisticated the approach to

01:53

risk management the more chance the

01:55

business must thrive and grow

01:57

no business is immune to operational

02:00

risk

02:00

at any time in any business task or

02:03

process the risk may arise from internal

02:06

process failures or gaps human error

02:09

system failures or external risks

02:12

imposed by customers suppliers natural

02:15

disasters regulatory changes or

02:17

geopolitical shifts operational risk may

02:21

include legal risks risks to human

02:24

capital and physical business assets or

02:26

risks to the bottom line of the business

02:29

typically strategic and reputational

02:31

risks are not included in the definition

02:33

of operational risk but they may be

02:36

adversely impacted when operational

02:38

risks remain unchecked for too long

02:40

operational risk relates to the

02:42

production process

02:44

this includes the process itself the

02:46

asset base the people within any project

02:49

team and the legal controls within which

02:51

the organization operates

02:54

operational risk can be defined as the

02:56

risk of direct or indirect loss

02:58

resulting from inadequate or failed

03:00

internal processes people and systems or

03:03

external events

03:04

operational risk also effectively

03:07

includes anything that can impact the

03:08

organization's overall performance and

03:11

ability to create value operational risk

03:14

therefore includes events such as

03:16

mistakes or missed opportune at ease

03:19

the primary element of operational risk

03:21

management is that the organization's

03:23

control monitoring and assurance

03:26

activities should be based on a

03:27

comprehensive business risk assessment

03:30

that identifies and ranks risks by their

03:32

significance to the company in

03:34

determining significance the risks must

03:37

be evaluated in the likelihood and

03:39

impact on the organization it is this

03:41

latter aspect of the impact that needs

03:44

to be well defined

03:45

traditional measures have focused on a

03:47

financial value or the potential for

03:49

injury although these aspects must be

03:52

considered the primary consideration is

03:54

how the risk impacts the firm's

03:56

strategic objectives the process of

03:59

operational risk management includes the

04:01

product itself its suitability for

04:04

market demand marketing and sales and

04:06

delivery people risks include risks

04:09

associated with human resources and

04:11

staff development

04:13

legal risks include contractual issues

04:16

together with statutory obligations and

04:18

liability

04:20

types of operational risk

04:22

operational risk is associated with how

04:25

businesses function internally and

04:27

broadly cover the following categories

04:29

1.

04:30

fraud for example bribery misuse of

04:34

assets and tax evasion

04:36

2. other criminal activity for example

04:39

data theft and hacking 3. workplace

04:43

policies and safety for example

04:46

discrimination staff health and safety

04:49

4. products and business practice for

04:52

example product defects and market

04:55

manipulation

04:56

5. physical assets for example vandalism

05:01

natural disasters and equipment

05:03

maintenance

05:05

6. business disruption for example

05:08

utility down times and it system

05:10

failures and

05:12

7. process management for example

05:16

accounting errors data entry errors and

05:19

non-reporting

05:20

these risks present varying threat

05:22

levels to business from a minor

05:24

inconvenience to potentially putting its

05:26

very existence in jeopardy the company

05:29

should not underestimate the potential

05:31

impacts of operational risk

05:33

impacts of operational risk

05:36

if operational risks materialize they

05:39

may cause significant damage to a

05:41

business including

05:44

outright loss for example costs of

05:46

dealing with system failure and

05:48

processing error

05:50

regulatory overhead for example costs of

05:53

audits and mandated investigations and

05:58

reputational damage for example arising

06:01

from fraudulent activity and unfair

06:03

practices

06:04

contrary to other types of business

06:06

risks operational risks are not

06:09

typically revenue driven or willingly

06:11

incurred some organizations accept them

06:14

as an unavoidable cost of doing business

06:16

however an organization can reduce its

06:19

risk exposure and operating costs by

06:22

developing a sound operational risk

06:24

management strategy for its business

06:27

operational risk management

06:29

operational risk management is a way to

06:31

get a holistic view of a company's risk

06:33

footprint throughout the supply chain

06:36

and everyone across the organization has

06:38

a role to play in making an

06:40

organization's safety culture the best

06:42

it can be operational risk management is

06:45

a methodology for organizations looking

06:47

to put real oversight a nd strategy into

06:50

place when it comes to managing risks

06:53

every business face circumstances and

06:55

changes in their situation that can be

06:57

perceived as presenting varying levels

06:59

of risk to that business from minor

07:01

inconveniences to potentially putting

07:03

its existence in jeopardy operational

07:06

risk management is a continual process

07:08

of assessing risks and implementing

07:10

relevant controls that lead to either

07:12

acceptance mitigation or avoidance of

07:16

risk it is however necessary to

07:19

understand the nature of a business and

07:21

associated risks to ensure sound

07:23

operational risk management this

07:26

understanding will help the organization

07:28

identify assess monitor and adequately

07:31

control or mitigate the risks

07:34

to achieve organizational operational

07:36

risk goals companies must work together

07:39

to mitigate risk and that includes a

07:41

need for

07:43

1. corporate leaders make safety part of

07:46

their value structure by initiating and

07:48

driving a safety culture throughout the

07:50

organization

07:51

2. engineers to apply inherently safe

07:54

design principles

07:56

3 maintenance engineers to verify

07:59

isolations while reliability engineers

08:01

maintain asset up time

08:04

4. operators to start up shut down and

08:07

respond to abnormal conditions

08:10

5. procurers suppliers and transporters

08:13

to understand their contribution to

08:15

delivering and managing quality spare

08:17

parts materials and services that

08:20

prevent the loss of containment

08:22

operational risk management has evolved

08:25

to become much more technologically

08:27

advanced which has led to the concept of

08:29

integrated risk management irm

08:32

integrated risk management is where

08:34

software and technology work together to

08:36

help organizations predict where their

08:38

most significant risks might be while

08:40

connecting different risk mitigation

08:43

areas through cloud technology

08:45

integrated risk management can also

08:47

offer companies prescriptive advice to

08:49

determine the leading indicators to help

08:51

them mitigate incidents before they

08:53

occur

08:54

corporate leaders must create a culture

08:57

that makes operational risk management

08:59

mitigation strategy a crucial part of

09:01

their corporate value proposition doing

09:04

so will help firms to keep their people

09:06

safe their products sustainable and

09:09

their operations productive

09:11

effective operational risk management

09:14

can also help a business organization to

09:17

1. prevent unexpected operational loss

09:21

to

09:22

cut compliance or auditing costs

09:25

3. detect unlawful activities and

09:29

4. minimize exposure to future risks

09:33

benefits of operational risk management

09:36

operational risk management is

09:38

beneficial to business organizations

09:41

operational risk management is an

09:43

essential step for every company that is

09:45

looking to avoid potentially damaging

09:47

issues benefits of operational risk

09:50

management include

09:52

1.

09:53

improvement of the reliability of

09:54

business operations

09:56

2.

09:57

improvement of the effectiveness of the

09:59

risk management operations

10:02

3. strengthening of the decision-making

10:05

process regarding the management of

10:07

risks

10:08

4. reduction in losses caused by poorly

10:11

identified re sks

10:14

5. early identification of unlawful

10:17

activities

10:19

6. lower compliance costs

10:22

7. reduction in potential damage from

10:25

future risk show operational risk

10:27

management works

10:29

the first stage of any operational risk

10:32

management strategy is understanding the

10:34

nature of a business and its risks

10:36

manage a company that runs water ski

10:39

lessons the business will be susceptible

10:41

to risks different from that of a

10:43

company that creates technology for

10:45

vending machines

10:47

worrying about risks that are not

10:49

related to a business amount to a waste

10:51

of time

10:52

there are three levels of operational

10:54

risk management that an organization can

10:56

adopt

10:58

1.

10:59

in depth as the name suggests this is

11:02

the kind of risk management that we

11:03

would all be undertaking in an ideal

11:05

world as it will deliver the best

11:07

results and practically makes risk a

11:09

thing of the past not wholly because not

11:12

every risk is foreseeable

11:14

2. deliberate this is still not a panic

11:17

station in the world of risk management

11:19

but is undertaken at various stages

11:21

during the life cycle of a project or a

11:24

business and can come in the form of

11:25

routine safety checks or performance

11:28

reviews

11:29

3.

11:30

time critical this kind of operational

11:33

risk management often requires urgent

11:35

attention during operational change it

11:38

is usually done when there is a limited

11:40

time to act before the potential

11:42

consequences of unknown risks start

11:45

manifesting

11:46

operational risk management principles

11:49

four essential principles govern all

11:51

actions associated with operational risk

11:54

management the four principles of

11:57

operational risk management apply to all

11:59

tasks and operations at all levels of

12:01

responsibility within organizations

12:05

1. do not accept unnecessary risk

12:08

unnecessary risk has no commensurate

12:10

return regarding benefits or

12:12

opportunities everything involves and

12:15

implies risks the most logical choice

12:18

for accomplishing an operation should

12:20

meet the minimum acceptable requirements

12:22

the corollary to this axiom is accept

12:24

necessary risk which is required to

12:27

complete the operation or task

12:29

successfully

12:30

2. make risk decisions at the

12:32

appropriate level anyone can make a risk

12:35

decision however the appropriate

12:38

decision maker is the person who can

12:40

allocate the resources to reduce or

12:42

eliminate the risk and implement

12:44

controls the decision maker must be

12:47

authorized to accept levels of risk

12:49

typical of the planned operation

12:51

including equipment's wear and tear and

12:53

loss of operational effectiveness he

12:55

should elevate decisions to the next

12:57

level in the management chain by

12:59

ensuring that the available control will

13:01

not reduce residual risk to an

13:03

acceptable level

13:05

3. accept risk when benefits outweigh

13:08

the costs cost implications of all

13:10

identified benefits should be assessed

13:13

before accepting operational risks for

13:16

instance high risk endeavors may be

13:18

undertaken when the benefits exceed the

13:20

total costs

13:22

balancing costs and benefits is a

13:24

subjective process and ultimately the

13:26

balance may have to be arbitrarily

13:28

determined by the appropriate decision

13:30

maker

13:32

for integrate operational risk

13:34

management into planning at all levels

13:36

risks can be easily assessed and managed

13:39

at the planning stages of an operation

13:41

subsequent changes can be made during

13:44

the planning and implementation of

13:45

operations this is because both planning

13:48

and operational risk management are

13:50

continuous processes

13:52

operational risk management process

13:55

there are five stages of operational

13:58

risk management risk identification risk

14:01

assessment measurement and mitigation

14:03

and monitoring and reporting

14:06

step 1 risk identification

14:09

operational risks must be identified to

14:11

ensure effective management and control

14:14

risk identification starts by

14:16

understanding the organization's

14:18

objectives risks represent anything that

14:21

prevents the organization from attaining

14:23

its objectives the identification

14:26

process should involve staff from all

14:28

levels of the business to ensure that

14:30

various backgrounds and experiences

14:33

generate a cohesive result

14:35

step 2 risk assessment

14:38

risk assessment is a systematic process

14:40

for rating risks of likelihood and

14:42

impact the outcome from the risk

14:44

assessment is a prioritized listing of

14:47

known risks the risk assessment process

14:50

may be like the risk assessment done by

14:52

an internal audit the assessment step

14:54

entails applying quantitative and

14:56

qualitative measures to determine the

14:58

level of risk associated with specific

15:00

hazards the risk assessment process

15:03

defines the probability and severity of

15:05

an accident resulting from the hazards

15:07

based upon the exposure of humans or

15:09

assets to the hazards step 3 risk

15:13

mitigation

15:14

the risk mitigation step involves

15:16

choosing a path for controlling the

15:18

specific risks the company should

15:21

investigate specific strategies and

15:23

tools that reduce mitigate or eliminate

15:26

the risk all risks have three components

15:29

the probability of occurrence the

15:31

severity of the hazard and people and

15:33

equipment's exposure to the risk

15:36

effective control measures reduce or

15:38

eliminate at least one of these

15:40

the analysis must consider the overall

15:42

costs and benefits of remedial actions

15:45

providing choices if possible in the

15:47

operational risk management process

15:50

there are four options for risk

15:51

mitigation risk transfer risk avoidance

15:55

risk acceptance and risk control

15:58

1.

15:59

risk transfer

16:01

risk transfer entails shifting the risk

16:03

to another organization the two most

16:06

common means for transferring are

16:08

outsourcing and insurance outsourcing is

16:11

a business practice in which a company

16:13

hires a third party to perform tasks

16:16

handle operations or provide services

16:19

it is worthwhile to emphasize that

16:21

management cannot wholly transfer the

16:23

responsibility for controlling risk when

16:25

outsourcing insurance entails ensuring

16:28

against the risk ultimately transferring

16:31

some of the risks financial impacts to

16:33

an insurance company a good example of

16:36

transferring risk occurs with

16:38

cloud-based software companies when a

16:41

company purchases cloud-based software

16:44

the contract usually includes a clause

16:47

for data breach insurance the purchaser

16:50

is ensuring the vendor can pay for

16:51

damages in the event of a data breach

16:54

the vendor should also have data center

16:56

to provide system and organization

16:58

control soc reports thereby reducing the

17:02

likelihood of a data breach

17:05

2. risk avoidance

17:07

avoidance prevents the organization from

17:10

entering accepting a risk

17:12

risk avoidance eliminates hazards

17:14

activities and exposures that can

17:16

negatively affect an organization's

17:18

assets for example when choosing a

17:21

vendor for a service the organization

17:23

could accept a vendor with a higher

17:25

priced bid if the lower cost vendor does

17:27

not have adequate references while risk

17:30

management aims to control the damages

17:32

and financial consequences of

17:34

threatening events risk avoidance seeks

17:36

to avoid compromising events entirely

17:39

while the complete elimination of all

17:41

risk is rarely possible a risk avoidance

17:44

strategy is designed to deflect as many

17:46

threats as possible to avoid the costly

17:49

and disruptive consequences of a

17:51

damaging event a risk avoidance

17:53

methodology attempts to minimize

17:55

vulnerabilities that can pose a threat

17:58

risk avoidance and mitigation can be

18:00

achieved through policy and procedure

18:02

training and education and technology

18:05

implementations

18:07

3.

18:08

risk acceptance

18:09

risk acceptance is a concept where an

18:11

individual or business identifies risk

18:14

and renders it acceptable thereby making

18:16

no effort to reduce or mitigate it the

18:19

potential loss from the identified and

18:21

accepted risk is considered bearable by

18:24

comparing the risk to the cost of

18:26

control management could accept the risk

18:28

and move forward with the risky choice

18:31

risk acceptance is a reasonable option

18:33

for small and infrequent risks because

18:35

they are not catastrophic or expensive

18:38

hence there is no critical need to

18:40

manage them the impacts of such

18:42

uncertainties are usually bearable and

18:44

accepted as part of the operations and

18:47

treated as they occur

18:49

4. risk control

18:51

controls are processes of an

18:53

organization to reduce the impact of a

18:55

risk to increase the likelihood of

18:57

meeting the corporate objectives

18:59

for example installing software behind a

19:02

firewall reduces the likelihood of

19:04

hackers gaining access while backing up

19:07

the network reduces the impact of a

19:09

compromised network

19:11

step 4 implement risk control

19:14

once the risk mitigation choice

19:16

decisions are made the next step is

19:19

implementation management must formulate

19:22

a plan for applying the selected

19:24

controls by ensuring the availability of

19:26

resources including materials and

19:29

personnel to facilitate a robust

19:31

operational risk management framework

19:34

the control rationale objective and

19:37

activity should be well documented to

19:39

communicate and execute the controls the

19:42

controls implemented should focus on

19:44

preventive control activities over

19:46

policies

19:47

step 5 monitoring and review

19:50

once controls are in place the process

19:53

must be monitored and reviewed regularly

19:55

to ensure their effectiveness control

19:58

monitoring involves testing the control

20:00

for appropriateness of design

20:02

implementation and operating

20:04

effectiveness any exceptions or issues

20:07

should be reported to the management to

20:09

established necessary action plans

20:12

workers and managers at every level must

20:14

fulfill their respective roles to ensure

20:17

that the controls are well maintained

20:19

the operational risk management process

20:22

continues throughout the life cycle of

20:23

the organization keys to reducing a

20:25

firm's operational risk

20:28

the proposed mitigation strategy for

20:30

most risks usually includes creating new

20:32

business processes or adjustments to

20:35

existing processes some businesses

20:37

promulgate new policies and procedures

20:40

by email in the immediate aftermath of

20:42

an incident that impacts operational

20:44

risk in the crush of their daily tasks

20:47

even the most willing and motivated

20:49

employees often forget the new rules

20:52

businesses that have already embraced

20:54

workflow automation can easily create

20:56

new workflows alter approval

20:59

requirements and create monitoring

21:01

dashboards so that compliance with

21:03

operational risk management procedures

21:06

is ensured the system enforces

21:08

compliance with the new risk mitigation

21:10

procedures

21:12

when defining new workflows to deal with

21:14

specific operational risks there are a

21:17

few guiding principles to keep in mind

21:20

1.

21:21

identify and divide tasks

21:24

list the necessary steps for eliminating

21:26

a particular risk if a single individual

21:29

or role is currently performing them

21:31

divide the tasks so that one role

21:33

performs the tasks and another role

21:35

checks or approves the result of the

21:37

task

21:38

2. assign tasks to the right people it

21:42

is good to assign tasks to the right

21:44

employees to achieve a firm's objectives

21:47

the company must not be so aggressive in

21:49

trying to level workloads and tasks

21:51

assigned to employees who are not

21:53

trained or unwilling to accept

21:54

additional responsibilities

21:57

3. streamline and automate business

22:00

processes

22:01

operational risk can be reduced by

22:04

automating business processes the

22:06

company should replace internalized

22:08

judgment with data-driven business rules

22:10

to eliminate significant sources of

22:13

human error

22:14

4. brainstorm the exceptions

22:17

many risk events stem from the

22:19

unforeseen exception situation not

22:21

examined during the initial business

22:23

process design

22:25

rush orders sudden staff departures

22:28

receipt of substandard raw materials

22:31

missed steps during the business peak

22:33

season or product recalls are some of

22:35

the accepted situations that may

22:37

introduce operational risk if no formal

22:40

processes are in place

22:42

5. measure performance and exceptions

22:46

data is crucial because it provides

22:48

businesses with the means of validating

22:50

their initial risk assessment is the

22:52

frequency and impact severity in line

22:55

with what the company initially

22:56

anticipated is the current mitigation

22:59

strategy working or does the company

23:01

needs to tweak it are some individuals

23:04

or departments better than others at

23:06

reducing this risk or should the company

23:08

change its initial decisions if the

23:11

company is served with a lawsuit or face

23:13

government review because of a

23:15

particular risk a firm's historical data

23:18

is often crucial to minimizing fees

23:21

judgments and fines

23:23

6. adopt an ongoing approach

23:26

risk assessment is only meaningful in

23:29

the context of the current business

23:30

situation last year's risks and

23:33

mitigation strategies may now work in

23:35

today's world the company should review

23:38

its risk assessment regularly quarterly

23:41

semi-annually or annually if the company

23:44

needs to tighten or loosen some of its

23:46

corporate rules or change its workflows

23:49

this can be accomplished quickly with

23:51

the workflow automation tool

23:54

the seven-step approach to mitigate

23:56

operational risk management

23:59

operational risks impact the reputation

24:01

and financial stability of a business

24:03

significantly lack of robust risk

24:06

mitigation strategy will result in

24:08

various operational failures leading to

24:11

crises in organizational management that

24:14

is why many businesses invest in

24:16

designing a robust risk management

24:18

framework essentially operational risks

24:21

are best discovered controlled and

24:23

mitigated using a seven-step approach it

24:26

supports multiple facets and can

24:29

alleviate numerous risks concurrently

24:31

here is the seven-step approach to

24:33

mitigate operational risk management

24:37

one

24:38

task segregation effective segregation

24:40

of tasks and duties reduces internal

24:43

theft and risks related to fraud this

24:46

prevents an individual from taking

24:48

advantage of the numerous aspects of

24:50

transactions and business processes or

24:52

practices

24:54

2. curtailing complexities in business

24:57

processes reducing complexity in

24:59

different business processes mitigates

25:01

operational risks

25:03

organizations can achieve this by

25:05

curtailing manual activities and the

25:07

number of people and exceptions during

25:10

business processes

25:12

3. reinforcing organizational ethics

25:15

creating strong organizational ethics is

25:17

essential to mitigate operational risk

25:20

and ensure a robust operational risks

25:22

management framework organizational

25:25

ethics can be reinforced by combining

25:27

the workforce's values and principles

25:30

with the organization's ideology

25:33

4. the right people for the right job

25:36

having the right people in the right

25:38

jobs can reduce business process

25:40

execution and skill and technology

25:42

usage issues having the right people in

25:45

the right jobs will also result in

25:47

appropriate workforce utilization

25:49

adherence to timelines enhanced quality

25:53

fewer errors and process breakdowns

25:56

5. regular monitoring and evaluation

25:59

business processes are more effective

26:01

with well-designed performance

26:03

indicators in place key performance

26:06

indicators kpis are critical for timely

26:09

detection and mitigation of risks

26:12

hence the need for continuous monitoring

26:15

and review to identify discrepancies and

26:17

be proactive in managing them

26:20

6. periodic risk assessment periodic

26:23

assessments of all operational risks

26:26

ensure a robust operational risk

26:28

management framework it is imperative to

26:31

be risk ready by ensuring regulatory

26:33

compliance i.t assets skills

26:36

competencies processes and objective

26:39

business decisions

26:41

7. look back and learn risk incidents

26:45

and remedial activities employed in the

26:47

past will help build effective

26:48

strategies to counter future risks

26:51

previous risk occurrences will help an

26:53

organization to implement a more robust

26:56

proactive operational risk management

26:58

framework it also supports real-time

27:01

amendments that suit the current

27:03

operating scenario

27:05

conclusion

27:06

operational risk and management risk

27:09

management have been discussed in this

27:10

video operational risk is the

27:13

possibility of business operations

27:15

failing due to inefficiencies or

27:17

breakdown in internal processes people

27:20

and systems human error and external

27:22

events such as regulatory changes are

27:25

familiar sources of such operational

27:28

risk

27:29

if operational risks materialize they

27:31

can cause significant damage to a

27:33

business operational risks can also

27:36

impact the reputation and financial

27:38

stability of a business significantly

27:41

hence it is essential to manage the

27:43

operational risk exposure of a business

27:45

effectively operational risk management

27:48

is a continual process of assessing

27:50

risks and implementing relevant controls

27:52

that lead to either acceptance

27:54

mitigation or avoidance of risk

27:58

i hope the video is educative and

27:59

beneficial to you please post your

28:02

comments below in the comments section

28:05

if this video has been educative and

28:07

beneficial to you then give it a thumbs

28:09

up and share it with your friends

28:12

thank you for seeing the risk management

28:14

of everything videos

28:16

we love to hear from you please post

28:19

your comments and questions in the

28:20

comment section down below

28:23

if you are new here make sure to

28:25

subscribe to our channel risk management

28:27

of everything channel and press the

28:29

notification button so you can be

28:31

notified when we upload new videos

28:34

thank you